Welcome to my blog. Here, I will post items of interest to me most likely focusing on:

Security in Healthcare Information Technology

Electronic Voting Security

Computer and Network Security

Sailing

Poker

Sports: Soccer, tennis, golf, football, Michigan sports

Friday, October 27, 2006

A response to EAC Chairman op-ed

In an opinion piece yesterday, EAC chairman Paul DeGregorio argues that academics who are criticizing electronic voting machines are running experiments "in the sterile environment of a laboratory" and that the "hype over hacking [can] discourage voters from participating in elections." He also states that the academic, computer scientists who demonstrate that we can "hack a voting machine" with "unlimited time and resources" are proving nothing. I believe that these comments are aimed more at Ed Felten than at me, but I feel compelled to respond, or at least, to blog about this here.

In my book, Brave New Ballot, I use an analogy about the way the FDA tests drugs to demonstrate how broken the voting system testing process is. This comment by Mr. DeGregorio brings that analogy to mind again. Say that a drug is released to the public and that several well regarded doctors test the drug in their labs and determine that for some reason, this drug is dangerous. Can you imagine someone in the government reacting to that by encouraging people to use the drug and stating that these academic scientists are testing the drug in an unrealistic setting?

But, by responding that way, in a sense, I'm taking the bait because Mr. DeGregorio has actually mischaracterized our position with respect to electronic voting. His op-ed article is based on the flawed assumption that we oppose DRE voting machines because they can be hacked in the lab. While I believe that these machines are indeed vulnerable to undetectable viruses, and while I believe that the demonstrations put forward at Princeton are realistic and frightening, the truth is that focusing a debate on that question is a distraction from our real reasons for opposing these voting machines.

These machines are software based. They require trust in the people who wrote the software. They require that the software be free of bugs, and they provide no means for auditing or checking the vote count. The system is the least transparent voting apparatus I can imagine. Why should we use voting systems that require trust in the manufacturer, trust in their software, and trust that there will never be physical access to the machines by an attacker when there are simple, and available voting technologies (e.g. machine or hand marked paper ballots with precinct optical scan and random audits) that do not require that level of trust?

Paul DeGregorio states in his article:

"The bottom line is that our nation's voting equipment, election results and election officials can and should be trusted. Election officials ... deserve constructive criticism and solutions, not baseless attacks and unfounded accusations about the equipment they use. Attacking their integrity and the system in broad strokes is even less productive."

I have not seen any reason to trust our nation's voting equipment. Trusting it just because an election official says we should is not good enough for me. I want to trust a system because I don't believe it can be compromised, not because someone implies that not trusting it is not patriotic.